gh0strat | 2cbc6606fe7d4a6ac27a9e0fe429c0d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2cbc6606fe7d4a6ac27a9e0fe429c0d5_JaffaCakes118
Size

152KB
MD5

2cbc6606fe7d4a6ac27a9e0fe429c0d5
SHA1

534fe1baa675d1a9a839fffbbe97efbc50f9de3a
SHA256

1b75338f51a94f344993b98d38e61444b24d4105ed2306f2f09421e73f93bd61
SHA512

095ccc5a6b5ad8a4be63c708d00b7500b46319e245c76c2f0a7b8944e465840414e9a009da9ff7f7c4a91322bd1b13584d264ba1e862a8487e4db998a510c0e8
SSDEEP

3072:fUd9c7zdwzmd8cAKYh3L81PWEe8BTBft8Qkuco8/Bn:emzyzjfBpu48BTBlbkT

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cbc6606fe7d4a6ac27a9e0fe429c0d5_JaffaCakes118

Files

2cbc6606fe7d4a6ac27a9e0fe429c0d5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

629850d3ce5a42ee8cbed67094c22718

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIA

kernel32

LoadLibraryA
RaiseException
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
lstrlenA
GetSystemInfo
GetVersionExA
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
GetLastError
FreeLibrary
GlobalFree
GlobalAlloc
GetProcAddress
GetModuleHandleA
GetTempFileNameA
lstrcpyA
lstrcatA
GetSystemDirectoryA
Sleep
GetTickCount
GetCurrentProcessId
VirtualFree
DeleteFileA
RemoveDirectoryA
ExitThread
GetShortPathNameA
GetModuleFileNameA
IsBadReadPtr
IsBadStringPtrW
VirtualQuery
GetCurrentThreadId
VirtualAlloc
GetFileAttributesExA
lstrcmpA
lstrcmpiA
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetLocalTime
GlobalUnlock
GlobalLock
GlobalSize
MapViewOfFile
CreateFileMappingA
LocalFree
LocalAlloc
InterlockedExchange
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
FormatMessageA
IsBadWritePtr
WideCharToMultiByte
ExpandEnvironmentStringsA
LocalReAlloc
LocalSize
ExitProcess
GetExitCodeProcess
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA

user32

ShowWindow
wsprintfA
GetClassNameA
GetWindow
EnableWindow
LoadCursorA
DestroyCursor
GetCursorInfo
wvsprintfA
CreateWindowExA
DestroyWindow
MessageBoxA
CloseWindowStation

oleaut32

SysFreeString

userenv

GetUserProfileDirectoryA
GetProfilesDirectoryA

ws2_32

WSAIoctl
getsockname
gethostname
setsockopt
socket
WSACleanup
connect
gethostbyname
recv
select
closesocket
send
shutdown
WSAStartup

iphlpapi

GetAdaptersInfo

msvcrt

strrchr
_onexit
__dllonexit
atoi
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_memicmp
_strupr
_stricmp
_strlwr
_wcsicmp
ceil
strchr
??2@YAPAXI@Z
memmove
_beginthreadex
strncat
strncpy
wcslen
free
_CxxThrowException
wcsrchr
malloc
realloc
wcstombs
??3@YAXPAX@Z
_except_handler3
strstr
strtol
__CxxFrameHandler
_ftol
srand
rand

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

629850d3ce5a42ee8cbed67094c22718

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

oleaut32

userenv

ws2_32

iphlpapi

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB